package edu.internet2.middleware.grouper.hooks.examples;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GrouperSourceAdapter;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.hooks.MembershipHooks;
import edu.internet2.middleware.grouper.hooks.beans.HooksContext;
import edu.internet2.middleware.grouper.hooks.beans.HooksMembershipChangeBean;
import edu.internet2.middleware.grouper.hooks.logic.HookVeto;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:edu/internet2/middleware/grouper/hooks/examples/AssignReadonlyAdminPrivilegeVetoMembershipHook.class */
/**
 * Membership hook that vetoes removal of the READ privilege held by the configured
 * read-only admin group on groups where read-only admin access is enforced.
 *
 * <p>A removal is vetoed only when all of the following hold:
 * <ul>
 *   <li>no group deletion is in progress ({@code Group.deleteOccuring()} is false);</li>
 *   <li>the membership's field is the READ access privilege field;</li>
 *   <li>the member being removed comes from the group subject source;</li>
 *   <li>the target group, or one of its ancestors, carries the attribute named by
 *       {@code grouper.readonlyAdminEnforced.attributeDefName};</li>
 *   <li>the member's group name matches {@code grouper.readonlyAdminEnforced.groupName},
 *       compared case-insensitively.</li>
 * </ul>
 *
 * <p>This class overrides only the pre-remove hook point, so it guards the
 * remove-member path and nothing else. The veto itself is not written to
 * {@code logger} here; any audit trail for blocked removals has to come from whatever
 * handles the {@link HookVeto}.
 */
public class AssignReadonlyAdminPrivilegeVetoMembershipHook extends MembershipHooks {
    private static final Log logger = GrouperUtil.getLog(AssignReadonlyAdminPrivilegeVetoMembershipHook.class);

    /**
     * Blocks removal of the read-only admin group's READ privilege on protected groups.
     *
     * @param hooksContext context supplied by the hooks framework (not used here)
     * @param hooksMembershipChangeBean describes the membership that is about to be removed
     * @throws HookVeto with key {@code readonlyAdmin.remove.veto} when the removal would
     *     strip the read-only admin group's READ privilege from a protected group
     */
    @Override
    public void membershipPreRemoveMember(HooksContext hooksContext, HooksMembershipChangeBean hooksMembershipChangeBean) {
        // Whole-group deletion is exempt: the privilege disappears together with the group.
        if (Group.deleteOccuring()) {
            return;
        }

        // Only READ privilege memberships are protected by this hook.
        String readFieldName = AccessPrivilege.READ.getField().getName();
        String removedFieldName = hooksMembershipChangeBean.getMembership().getField().getName();
        if (!readFieldName.equals(removedFieldName)) {
            return;
        }

        // The protected subject is a group, so members from any other source are ignored.
        boolean memberIsGroup = StringUtils.equals(
                hooksMembershipChangeBean.getMember().getSubjectSourceId(),
                GrouperSourceAdapter.groupSourceId());
        if (!memberIsGroup) {
            return;
        }

        // Enforcement is opt-in: the group or an ancestor must carry the marker attribute.
        // NOTE(review): the meaning of the trailing 'false' flag is not visible here - confirm.
        Group targetGroup = hooksMembershipChangeBean.getGroup();
        boolean enforced = targetGroup.getAttributeDelegate().hasAttributeOrAncestorHasAttribute(
                GrouperConfig.retrieveConfig().propertyValueStringRequired("grouper.readonlyAdminEnforced.attributeDefName"),
                false);
        if (!enforced) {
            return;
        }

        // Both property lookups are "required"; presumably a missing property fails the
        // removal rather than letting it through - verify against GrouperConfig.
        String readonlyAdminGroupName =
                GrouperConfig.retrieveConfig().propertyValueStringRequired("grouper.readonlyAdminEnforced.groupName");
        String removedGroupName = hooksMembershipChangeBean.getMember().toGroup().getName();

        // Case-insensitive match: a name differing only in case is also vetoed.
        if (readonlyAdminGroupName.equalsIgnoreCase(removedGroupName)) {
            throw new HookVeto("readonlyAdmin.remove.veto", "Cannot remove read-only admin's READ privilege.");
        }
    }
}
